In many web applications, particularly in the online banking, credit, shopping and auction applications, it is desirable to have a user log in using a unique login name and a password to authenticate the user before authorizing the user to access certain web pages on the web server. While there are many web-based authentication techniques being implemented, they all have security weaknesses or vulnerabilities.
The vulnerabilities have been exploited via a number of different attacks through which hackers have tried to obtain the user name and password and/or other personal information of the user in order to gain access to these websites, including spoofing, phishing and fraudulent web sites. One particular attack to which web-based authentication has been subjected is called the man-in-the-middle attack in which the attacker is able to read, insert and modify the messages between the client and the server without either knowing that the link between them has been compromised.
It will of course be appreciated that computer system authentication and security are concerns across software applications more generally, whether they are deployed in a standalone capacity, a client/server capacity or a peer-to-peer capacity.